Chrome PHP
Products
1- 8 CVEs
Recent CVEs
8| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2010-4039 | Cri | 0.64 | 9.8 | 0.01 | Oct 21, 2010 | Google Chrome before 7.0.517.41 on Linux does not properly set the PATH environment variable, which has unspecified impact and attack vectors. | ||
| CVE-2021-21230 | Hig | 0.57 | 8.8 | 0.02 | Apr 30, 2021 | Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2020-6381 | Hig | 0.57 | 8.8 | 0.02 | Feb 11, 2020 | Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2025-48883 | Med | 0.27 | — | 0.00 | May 30, 2025 | Chrome PHP allows users to start playing with chrome/chromium in headless mode from PHP. Prior to version 1.14.0, CSS Selector expressions are not properly encoded, which can lead to XSS (cross-site scripting) vulnerabilities. This is patched in v1.14.0. As a workaround, users… | ||
| CVE-2025-2509 | 0.00 | — | 0.00 | May 6, 2025 | Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to VM escape via crafted vertex elements data triggering an out-of-bounds read in… | |||
| CVE-2013-2856 | 0.00 | — | 0.01 | Jun 5, 2013 | Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of input. | |||
| CVE-2010-3254 | 0.00 | — | 0.02 | Sep 7, 2010 | The WebSockets implementation in Google Chrome before 6.0.472.53 does not properly handle integer values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||
| CVE-2004-1831 | 0.00 | — | 0.03 | Dec 31, 2004 | Buffer overflow in Chrome 1.2.0.0 and earlier allows remote attackers to cause a denial of service (crash) via a packet with a large length value, which leads to a null dereference or out-of-bounds read. |
- risk 0.64cvss 9.8epss 0.01
Google Chrome before 7.0.517.41 on Linux does not properly set the PATH environment variable, which has unspecified impact and attack vectors.
- risk 0.57cvss 8.8epss 0.02
Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.57cvss 8.8epss 0.02
Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.27cvss —epss 0.00
Chrome PHP allows users to start playing with chrome/chromium in headless mode from PHP. Prior to version 1.14.0, CSS Selector expressions are not properly encoded, which can lead to XSS (cross-site scripting) vulnerabilities. This is patched in v1.14.0. As a workaround, users…
- CVE-2025-2509May 6, 2025risk 0.00cvss —epss 0.00
Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to VM escape via crafted vertex elements data triggering an out-of-bounds read in…
- CVE-2013-2856Jun 5, 2013risk 0.00cvss —epss 0.01
Use-after-free vulnerability in Google Chrome before 27.0.1453.110 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of input.
- CVE-2010-3254Sep 7, 2010risk 0.00cvss —epss 0.02
The WebSockets implementation in Google Chrome before 6.0.472.53 does not properly handle integer values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
- CVE-2004-1831Dec 31, 2004risk 0.00cvss —epss 0.03
Buffer overflow in Chrome 1.2.0.0 and earlier allows remote attackers to cause a denial of service (crash) via a packet with a large length value, which leads to a null dereference or out-of-bounds read.